ibm.qradar.offense_info module – Obtain information about one or many QRadar Offenses, with filter options
Note
This module is part of the ibm.qradar collection (version 1.0.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ibm.qradar.
To use it in a playbook, specify: ibm.qradar.offense_info.
New in version 1.0.0 of ibm.qradar
Synopsis
This module obtains information about one or many QRadar Offenses, with filter options.
Parameters
Parameter | Comments |
---|---|
Obtain only information of Offenses assigned to a certain user |
|
Obtain only information of Offenses that were closed by a specific closing reason |
|
Obtain only information of Offenses that were closed by a specific closing reason ID |
|
Obtain only information of Offenses that are marked with the follow up flag Choices:
|
|
Obtain only information of the Offense with provided ID |
|
Obtain only information of the Offense that matches the provided name |
|
Obtain only information of Offenses that are protected Choices:
|
|
Obtain only information of Offenses of a certain status Choices:
|
Notes
Note
You may provide many filters and they will all be applied, except for id as that will return only
Examples
- name: Get list of all currently OPEN IBM QRadar Offenses
  ibm.qradar.offense_info:
    status: OPEN
  register: offense_list

- name: display offense information for debug purposes
  debug:
    var: offense_list
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Description |
---|---|
Information Returned: always |
|
IBM QRadar Offenses found based on provided filters Returned: always |
|
Name of the service. Returned: always Sample: “arp-ethers.service” |
|
Init system of the service. One of Returned: always Sample: “sysv” |
|
State of the service. Either Returned: always Sample: “running” |
|
State of the service. Either Returned: systemd systems or RedHat/SUSE flavored sysvinit/upstart Sample: “enabled” |
Authors
Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>